Urgent !!!!! Server Under Attack

Discussion in 'General Discussion' started by jotay, Apr 4, 2006.

  1. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Hi, one of my webpages has been hacked ........

    How can I deny access to one or more IPs to my server?

    This is a log:

    The remote system 193.202.89.64 was found to have exceeded acceptable login failures on your server; there was 204 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.


    THIS IS OTHER LOG !!! :


    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Apr 4 16:58:15 matrix1 sshd(pam_unix)[23289]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
    Apr 4 16:58:15 matrix1 sshd(pam_unix)[23288]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
    Apr 4 16:58:15 matrix1 sshd(pam_unix)[23290]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
    Apr 4 16:58:15 matrix1 sshd(pam_unix)[23286]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
    Apr 4 16:58:15 matrix1 sshd(pam_unix)[23285]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.156.103.134 user=root
    Apr 4 16:58:17 matrix1 kernel: audit(1144184297.923:7722084): user pid=23288 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
    Apr 4 16:58:17 matrix1 kernel: audit(1144184297.924:7722106): user pid=23290 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
    Apr 4 16:58:17 matrix1 kernel: audit(1144184297.934:7722166): user pid=23286 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication failure)'
    Apr 4 16:58:17 matrix1 kernel: audit(1144184297.935:7722188): user pid=23285 uid=0 auid=0 msg='PAM authentication: user=root exe="/usr/sbin/sshd" (hostname=217.156.103.134, addr=217.156.103.134, terminal=ssh result=Authentication

    THIS IS OTHER LOG:

    The remote system 217.156.103.134 was found to have exceeded acceptable login failures on your server; there was 40 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

    PLEASE HELP !!!!!!!!!
     
  2. Murtaza_t

    Murtaza_t Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    476
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cPanel Access Level:
    Website Owner
    Run this command:
    Code:
    iptables -A INPUT -s 217.156.103.134 -j DROP
    Code:
    service iptables save
    This will permanently block that IP.

    But the best would be to install APF and BFD to deal with these bad guys automatically.

    http://forums.cpanel.net/showthread.php?t=30159
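
Added example, not part of the original thread: one way to go from the sshd(pam_unix) failure lines quoted in the first post to the iptables rule given in the reply above. It counts failures per rhost and prints (does not run) one rule per offending IPv4 source. The host name, addresses, threshold and allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the sshd(pam_unix) failure lines in the format quoted in the thread.
# The kernel audit(...) lines report the same attempts a second time, so they
# are deliberately not matched; counting both would double every failure.
PAM_FAIL = re.compile(
    r"sshd\(pam_unix\)\[\d+\]: authentication failure;.*\brhost=(\S+)")

# Constructed sample input (RFC 5737 documentation addresses, hypothetical host).
_PAM = ("Apr 4 16:58:15 host1 sshd(pam_unix)[{pid}]: authentication failure; "
        "logname= uid=0 euid=0 tty=ssh ruser= rhost={rhost} user=root")
_HOSTS = (["203.0.113.7"] * 3 + ["192.0.2.10"] * 3
          + ["198.51.100.20", "scanner.example.net"])
SAMPLE_LOG = [_PAM.format(pid=23285 + i, rhost=h) for i, h in enumerate(_HOSTS)]
SAMPLE_LOG.append(
    "Apr 4 16:58:17 host1 kernel: audit(1144184297.923:1): user pid=23285 "
    "uid=0 auid=0 msg='PAM authentication: user=root exe=\"/usr/sbin/sshd\" "
    "(hostname=203.0.113.7, addr=203.0.113.7, terminal=ssh "
    "result=Authentication failure)'")


def failures_by_host(lines):
    """Count pam_unix sshd authentication failures per rhost value."""
    return Counter(m.group(1) for m in map(PAM_FAIL.search, lines) if m)


def block_commands(lines, threshold=3, allow=("192.0.2.10",)):
    """Return iptables argument lists for IPv4 sources at or over threshold.

    `allow` holds addresses that must never be blocked (assumed here to be
    the administrator's own IP), so mistyped passwords cannot lock you out.
    """
    cmds = []
    for rhost, count in sorted(failures_by_host(lines).items()):
        try:
            # rhost can be a host name rather than an address; only a
            # parsed IP address is ever placed into a command.
            ip = ipaddress.ip_address(rhost)
        except ValueError:
            continue
        if ip.version == 4 and count >= threshold and str(ip) not in allow:
            cmds.append(["iptables", "-A", "INPUT", "-s", str(ip), "-j", "DROP"])
    return cmds


if __name__ == "__main__":
    for cmd in block_commands(SAMPLE_LOG):
        print(" ".join(cmd))  # printed for review, not executed
```
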
     
  3. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    And to add to the above post:

    Change the SSH port from port 22 to an unused port.

    This in itself will stop almost all of the login attempts.
     
  4. jotay

    jotay Member

    Joined:
    Oct 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Thanks Murtaza and Dave !!!
     